/sbin/fixfiles bug (was Re: fixfile.cron added.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Jul 3 17:47:03 UTC 2004


On Thu, 01 Jul 2004 08:14:09 EDT, Daniel J Walsh <dwalsh at redhat.com>  said:
> Today's policycoreutils has a new cron job, fixfiles.cron, that will run
> in /etc/cron.daily.   This script will run a check on the file system on 

> Suggestions on improvements?  Comments?

(I'd bugzilla this but I'm offline as I write this)

FC2 devel tree, with policycoreutils-1.14.1-1

The cronjob tosses a few error messages due to a fixfiles bug:

/etc/cron.daily/fixfiles.cron:

/sbin/fixfiles: line 111: [: =: unary operator expected
/sbin/fixfiles: line 111: [: =: unary operator expected
logging to /var/tmp/fixfiles.WBgGN24978

Patch follows:

% diff -up /sbin/fixfiles.dist /sbin/fixfiles
--- /sbin/fixfiles.dist 2004-06-30 13:40:47.000000000 -0400
+++ /sbin/fixfiles      2004-07-03 13:22:59.403549435 -0400
@@ -30,6 +30,7 @@ rpmFlag=0
 rpmFiles=""
 outfileFlag=0
 OUTFILES=""
+logfileFlag=0
 LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX`  || exit 1
 SETFILES=/usr/sbin/setfiles
 FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';`
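
Review bot: Initialising `logfileFlag` beside `outfileFlag` covers the empty-variable case, but the `[` test reported at line 111 lies outside this hunk, and if it expands the flag unquoted it will break again for any value that ends up unset or empty. Suggest also quoting the expansion in that test, for example `[ "$logfileFlag" = 0 ]`, so the script does not depend on every flag being initialised at the top.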


I also need to figure out why /var/tmp/badcontexts seems to be
totally broken.  In the run-parts output, setfiles says for /var:

/usr/sbin/setfiles:  labeling files under /var
/usr/sbin/setfiles:  relabeling /var/lib/scrollkeeper/TOC/464 from root:object_r:rpm_var_lib_t to system_u:object_r:var_lib_t
/usr/sbin/setfiles:  relabeling /var/lib/scrollkeeper/index/464 from root:object_r:rpm_var_lib_t to system_u:object_r:var_lib_t
/usr/sbin/setfiles:  relabeling /var/run/lpd.515 from system_u:object_r:lpd_var_run_t to system_u:object_r:var_run_t
/usr/sbin/setfiles:  relabeling /var/run/lprng from system_u:object_r:var_run_t to system_u:object_r:lpd_var_run_t
/usr/sbin/setfiles:  hash table stats: 1264 elements, 1264/65536 buckets used, longest chain len

OK... So I have 4 files with context issues on /var (which is an issue in and
of itself, but not the point here). badfilecontexts however contains:

/var/lib/rpm/__db.001
/var/lib/rpm/__db.002
/var/lib/rpm/__db.003
/var/lib/alternatives/print
/var/lib/scrollkeeper/TOC/495
/var/lib/scrollkeeper/TOC/496
/var/lib/scrollkeeper/TOC/497
/var/lib/scrollkeeper/TOC/498
/var/lib/scrollkeeper/TOC/499
<<many lines elided>>
/var/lib/scrollkeeper/TOC/528
/var/lib/scrollkeeper/TOC/529
/var/lib/scrollkeeper/TOC/464
/var/lib/scrollkeeper/index/495
/var/lib/scrollkeeper/index/496
/var/lib/scrollkeeper/index/497
<<more lines elided>>
/var/lib/scrollkeeper/index/529
/var/lib/scrollkeeper/index/464
/var/lib/scrollkeeper/scrollkeeper_docs
/var/lib/texmf/ls-R
/var/cache/man/cat8/grub-install.8.bz2
/var/cache/man/cat8/acpid.8.bz2
/var/lock/subsys/psacct
/var/lock/rpm/transaction
/var/run/lpd.515
/var/run/lprng

Total output of the relabelling is about 150 lines, but /var/tmp/badcontexts
is 86,978 lines, many of which make no sense at all. For instance,
it flagged apparently every single file in my Linux kernel source trees
for no apparent reason - consider the following spot check:

# egrep 'linux[^/]*/Makefile$' /var/tmp/badcontext
/usr/src/linux-2.6.7-mm4/Makefile
/usr/src/linux-2.6.7-mm5/security/selinux/Makefile
/usr/src/linux-2.6.7-mm5/Makefile
/usr/src/linux-2.6.7-mm3/Makefile
# ls -l --context /usr/src/linux-2.6.7-mm[345]/Makefile /usr/src/linux-2.6.7-mm5/security/selinux/Makefile
-rw-r--r--  valdis   valdis   system_u:object_r:src_t          /usr/src/linux-2.6.7-mm3/Makefile
-rw-r--r--  valdis   valdis   system_u:object_r:src_t          /usr/src/linux-2.6.7-mm4/Makefile
-rw-r--r--  valdis   valdis   system_u:object_r:src_t          /usr/src/linux-2.6.7-mm5/Makefile
-rw-r--r--  valdis   valdis   system_u:object_r:src_t          /usr/src/linux-2.6.7-mm5/security/selinux/Makefile

When actually relabelling, fixfiles doesn't see anything wrong with
these 4 Makefiles...
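
Added example, not part of the original message and not code from policycoreutils: the spot check above generalised into a script that lists every path in the flagged list which setfiles never reported relabeling. The function names and input file names are assumptions, and the sample data is constructed from lines quoted in the message.

```shell
#!/bin/sh
# Added example: compare the flagged-path list with what setfiles reported
# relabeling. Function and file names are assumptions for illustration.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Print the path from each "relabeling PATH from OLD to NEW" log line.
# Assumes paths contain no whitespace.
relabeled_paths() {
    awk '$2 == "relabeling" && $4 == "from" { print $3 }' "$1" | sort -u
}

# Print paths listed in BADLIST ($1) that the setfiles LOG ($2) never relabeled.
flagged_only() {
    fo_bad=$(mktemp) || return 1
    fo_rel=$(mktemp) || { rm -f "$fo_bad"; return 1; }
    sort -u "$1" > "$fo_bad"
    relabeled_paths "$2" > "$fo_rel"
    comm -23 "$fo_bad" "$fo_rel"      # lines only in the flagged list
    rm -f "$fo_bad" "$fo_rel"
}

# Write constructed sample inputs into directory $1.
make_sample() {
    cat > "$1/setfiles.log" <<'EOF'
/usr/sbin/setfiles:  labeling files under /var
/usr/sbin/setfiles:  relabeling /var/run/lpd.515 from system_u:object_r:lpd_var_run_t to system_u:object_r:var_run_t
/usr/sbin/setfiles:  relabeling /var/run/lprng from system_u:object_r:var_run_t to system_u:object_r:lpd_var_run_t
EOF
    cat > "$1/badcontexts" <<'EOF'
/var/lib/rpm/__db.001
/var/run/lpd.515
/var/run/lprng
/usr/src/linux-2.6.7-mm5/Makefile
EOF
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d) || exit 1
make_sample "$demo_dir"
flagged_only "$demo_dir/badcontexts" "$demo_dir/setfiles.log"
rm -rf "$demo_dir"
```

Paths printed by `flagged_only` are the ones worth checking by hand with `ls -l --context`, as in the spot check above.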